Ming-Li Tsai scite author profile

Ming-Li Tsai

2Publications

10Citation Statements Received

15Citation Statements Given

How they've been cited

How they cite others

Affiliations

National Cheng Kung University

Publications

Order By: Most citations

Multi-Character Processor Array for Pattern Matching in Network Intrusion Detection System

Chang

Tsai

Chung

2008

View full text Add to dashboard Cite

Abstract-Network Intrusion Detection System (NIDS) is a system developed for identifying attacks by using a set of rules. NIDS is an efficient way to provide the security protection for today's internet. Pattern match algorithm plays an important role in NIDS that performs searches against multiple patterns for a string match. Pattern matching is a computationally expensive task. Traditional software-based NIDS solutions usually can not achieve a high-speed required for ever growing Internet attacks. In order to satisfy high-speed packet content inspection, hardware-implementable pattern match algorithm is required. In this paper, we propose a hardware-based pattern match architecture that employs a multi-character processor array. The proposed multi-character processor array is a parallel and pipelined architecture which can process multiple characters of the input stream per cycle. The proposed architecture can reduce a lot of unnecessary computations and thus it is power efficient. We use Snort pattern sets and DEFCON packet traces to perform our simulations. Our experiment results show that, with a 3-character processor array, we can reduce 83% of the computations compared with the brute force approach.

show abstract

Improved TCAM-Based Pre-Filtering for Network Intrusion Detection Systems

Chang

Tsai

2008

View full text Add to dashboard Cite

Abstract-With the increasing growth of the Internet, the explosion of attacks and viruses significantly affects the network security. Network Intrusion Detection System (NIDS) is developed to identify these network attacks by a set of rules. However, searching for multiple patterns is a computationally expensive task in NIDS. Traditional software-based solutions can not meet the high bandwidth demanded in current high-speed networks. In the past, the pre-filtering designed for NIDS is an effective technique that can reduce the processing overhead significantly. A FNPlike TCAM searching engine (FTSE) [5][6] is an example that uses an 2-stage architecture to detect whether an incoming string contains patterns.In this paper, we propose two techniques to improve the performance of FTSE that utilizes ternary content addressable memory (TCAM) as pre-filter to achieve gigabit performance. The first technique performs the w-byte suffix pattern match instead of using w-byte prefix. The second technique finds the matching results from all groups rather than first group. We finally present the simulation result using Snort pattern set and DEFCON packet traces.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Ming-Li Tsai

Multi-Character Processor Array for Pattern Matching in Network Intrusion Detection System

Improved TCAM-Based Pre-Filtering for Network Intrusion Detection Systems

Contact Info

Product

Resources

About